= Podman Security =

`podman(1)` is designed to simplify the networking and process management that make `dockerd(8)` difficult to [[Docker/Security|harden]].

<<TableOfContents>>

----



== Rootless Mode ==

It is possible to avoid the use of `root` entirely.

On [[Linux/Fedora|Fedora]] and derivative distributions, `podman(1)` is pre-configured to run in this manner.

On [[Linux/Arch|Arch Linux]], install the `fuse-overlayfs` package.

Configure `/etc/subuid` with a user name, UID range start, and UID range size.

{{{
somebody:165536:65536
}}}

Similarly, configure `/etc/subgid` with a user name, GID range start, and GID range size:

{{{
somebody:165536:65536
}}}

Finally, run `podman system migrate` to restart the pause process so that it picks up the new ID mappings.

It may also be necessary to enable lingering, so that user-owned processes (including rootless containers) keep running after logout.

{{{
loginctl enable-linger username
}}}
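As an added example (not from this page or the podman project), a small POSIX sh checker for the subordinate ID ranges configured above. `/etc/subuid` and `/etc/subgid` share the `user:start:count` format, so one function covers both; it needs nothing beyond sh and awk, and the sample contents are constructed.

```shell
#!/bin/sh
# Added example (not part of the podman project): sanity-check the
# user:start:count entries rootless podman reads from /etc/subuid and
# /etc/subgid. Both files share the format, so one checker serves both.

# check_subid "<file contents>" <user> [min_count] [own_id]
# Returns 0 when <user> has at least min_count subordinate IDs (default
# 65536), every line is well-formed, no two ranges in the file overlap,
# and the user's ranges do not contain own_id (the user's real UID or
# GID, default 0). Problems are printed, one per line.
check_subid() {
    _content="$1"; _user="$2"; _min="${3:-65536}"; _own="${4:-0}"
    printf '%s\n' "$_content" | awk -F: -v u="$_user" -v min="$_min" -v own="$_own" '
        BEGIN { total = 0; bad = 0; n = 0 }
        /^[ \t]*$/ { next }                               # ignore blank lines
        NF != 3 || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ {
            print "line " NR ": malformed entry"; bad = 1; next
        }
        {
            n++; owner[n] = $1; lo[n] = $2 + 0; hi[n] = $2 + $3 - 1
            if ($1 == u) {
                total += $3
                if (lo[n] <= own && own <= hi[n]) {
                    print "line " NR ": range contains the real ID " own " of " u; bad = 1
                }
            }
        }
        END {
            if (total == 0)       { print "no entry for " u; bad = 1 }
            else if (total < min) { print u " has " total " IDs, wants " min; bad = 1 }
            for (i = 1; i <= n; i++) for (j = i + 1; j <= n; j++)
                if (lo[i] <= hi[j] && lo[j] <= hi[i]) {
                    print "overlap between " owner[i] " and " owner[j]; bad = 1
                }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample contents, not real host data.
SAMPLE_GOOD="somebody:165536:65536
other:231072:65536"
SAMPLE_OVERLAP="somebody:165536:65536
other:200000:65536"
SAMPLE_SHORT="somebody:165536:1000"

check_subid "$SAMPLE_GOOD" somebody && echo "sample OK"
check_subid "$SAMPLE_OVERLAP" somebody || echo "overlap rejected as expected"
```

On a real host, run it as `check_subid "$(cat /etc/subuid)" "$(id -un)" 65536 "$(id -u)"` and the same with `/etc/subgid` and `id -g`; a non-zero exit explains what rootless `podman(1)` will trip over.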



----
CategoryRicottone